==Phrack Inc.==
Volume Two, Issue Eleven, Phile #11 of 12
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN PWN
PWN *>=-{ Phrack World News }-=<* PWN
PWN PWN
PWN Issue X PWN
PWN PWN
PWN Written, Compiled, and Edited PWN
PWN by Knight Lightning PWN
PWN PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Scan Man Revisited January 19, 1987
------------------
The following is a reprint from TeleComputist Newsletter Issue Two;
SCAN MAN - FED OR PHREAK? (The Other Side)
TeleComputist is printing the statement Scan Man has made to us
[TeleComputist] in rebuttal to Phrack World News, whom previously printed an
article concerning Scan Man in Phrack Issue VIII. Those of you who have seen
or read the article in Phrack VIII know that it basically covered information
and an intercepted memo alleging Scan Man of going after hackers and turning
in codes off his BBS (P-80 Systems, Charleston, West Virginia 304/744-2253) as
a TMC employee. Please note that this statement should be read with the
article concerning Scan Man in Phrack Issue VIII to get the full
understanding.
Scan Man started off his statement claiming not to work for TMC, but
instead for a New York branch office of Telecom Management (a Miami based
firm). He was flown in from Charleston, West Virginia to New York every week
for a four to five day duration. Once in New York, Telecom Management made
available a leased executive apartment where Scan Man stayed as he worked.
His position in Telecom Management was that of a systems analyst, "...and that
was it!" Scan Man stated. Scan Man also stated that he had never made it a
secret that he was working in New York and had even left messages on his BBS
saying this.
He also went on to say that he had no part in the arrest of Shawn [of
Phreaker's Quest] (previously known as Captain Caveman) by TMC in Las Vegas.
Scan Man claimed to have no ties with TMC in Las Vegas and that they would not
even know him. Scan Man then went on to say that Shawn had never replied to
previous messages Scan man had left asking for TMC codes. Scan Man also said
that the messages about TMC were in no way related to him. He claimed to have
no ties to TMC, which is a franchised operation which makes even TMC unrelated
except by name.
Scan Man stated that he called Pauline Frazier and asked her about the
inquiry by Sally Ride [:::Space Cadet] who acted as an insider to obtain the
information in Phrack VIII. He said that Pauline said nothing to the imposter
(Sally Ride) and merely directed him to a TMC employee named Kevin Griffo.
Scan Man then went on to say that the same day Sally Ride called Pauline
Frazier was the same day he received his notice. And to that Scan Man made
the comment, "If I find out this is so heads will roll!"
After that comment, Scan Man came up with arguments of his own, starting
off with the dates printed in Phrack VIII. He claimed that the dates were off
and backed this up by saying Ben Graves had been fired six months previously
to the conversation with Sally Ride. Scan Man then went on to ask why it had
taken Sally Ride so long to come forward with his information. Scan Man made
one last comment, "It's a fucking shame that there is a social structure in
the phreak world!" Meaning Sally Ride merely presented his information to
give himself a boost socially in the phreak world.
This is how it ended. We would like to say that TeleComputist printed the
statement by Scan Man to offer both sides of the story. We make no judgements
here and take no sides.
Reprinted with permission from TeleComputist Newsletter Issue 2
Copyright (C) 1986 by J. Thomas. All Rights Reserved
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Ok, that was Scan Man's side to the story, now that he had a few months to
come up with one. Lets do a critical breakdown;
-*- "He was flown in from Charleston, West Virginia to New York every week for
a four to five day duration."
Gee, wouldn't that get awfully expensive? Every week...and "made
available a leased executive apartment..." He must have been quite an
asset to "Telecom Management" for them to spend such large amounts on him.
Kinda interesting that he lived in Charleston, West Virginia (where
surprisingly enough there is a branch of TMC) and flew to New York every
week.
-*- "Scan Man claimed to have no ties with TMC in Las Vegas..." Ok, I'll buy
that. Notice how he didn't say that he had no ties with TMC in
Charleston. Furthermore if he had no ties with TMC in Charleston why
would they have his name in their company records? Why would all those
employees know him or dislike him for that matter?
-*- "Scan Man then went on to say that the same day Sally Ride called Pauline
Frazier was the day he received his notice." Well now, how can there be a
connection between the two events at all when Scan Man works for Telecom
Management and has "no ties with TMC" and claimed "not to work for TMC"?
If TMC and Telecom Management are truly independent of each other then
nothing Sally Ride said to Pauline Frazier could have affected him in ANY
way. That is unless he did work for TMC in the first place.
-*- "...and back this up by saying that Ben Graves had been fired six months
previously to the conversation with Sally Ride." Well first of all, PWN
did not give a date as to when Ben Graves was fired from TMC. Second of
all and more important, how does Scan Man know so much about TMC when he
works for "Telecom Management" and has "...no ties with TMC..."?
The rest of his statements were highly debatable and he showed no proof as to
their validity. As for why Sally Ride waited so long to come forward, well he
didn't wait that long at all, he came forward to myself in late May/early June
of 1986. My decision was to do nothing because there wasn't enough proof.
After three months of research we had enough proof and the article was
released.
With this attempt to cover up the truth, Scan Man has only given more
ammunition to the idea that he isn't what he claims to be.
Special Thanks to TeleComputist Newsletter
______________________________________________________________________________
The Cracker Cracks Up? December 21, 1986
----------------------
"Computer 'Cracker' Is Missing -- Is He Dead Or Is He Alive"
By Tom Gorman of The Los Angeles Times
ESCONDIDO, Calif. -- Early one morning in late September, computer hacker Bill
Landreth pushed himself away from his IBM-PC computer -- its screen glowing
with an uncompleted sentence -- and walked out the front door of a friend's
home here.
He has not been seen or heard from since.
The authorities want him because he is the "Cracker", convicted in 1984 of
breaking into some of the most secure computer systems in the United States,
including GTE Telemail's electronic mail network, where he peeped at NASA
Department of Defense computer correspondence.
He was placed on three years' probation. Now his probation officer is
wondering where he is.
His literary agent wants him because he is Bill Landreth the author, who
already has cashed in on the successful publication of one book on computer
hacking and who is overdue with the manuscript of a second computer book.
The Institute of Internal Auditors wants him because he is Bill Landreth the
public speaker who was going to tell the group in a few months how to make
their computer systems safer from people like him.
Susan and Gulliver Fourmyle want him because he is the eldest of their eight
children. They have not seen him since May 1985, when they moved away from
Poway in northern San Diego county, first to Alaska then to Maui where they
now live.
His friends want him because he is crazy Bill Landreth, IQ 163, who has pulled
stunts like this before and "disappeared" into the night air -- but never for
more than a couple of weeks and surely not for 3 months. They are worried.
Some people think Landreth, 21, has committed suicide. There is clear
evidence that he considered it -- most notably in a rambling eight-page
discourse that Landreth wrote during the summer.
The letter, typed into his computer, then printed out and left in his room for
someone to discover, touched on the evolution of mankind, prospects for man's
immortality and the defeat of the aging process, nuclear war, communism versus
capitalism, society's greed, the purpose of life, computers becoming more
creative than man and finally -- suicide.
The last page reads:
"As I am writing this as of the moment, I am obviously not dead. I do,
however, plan on being dead before any other humans read this. The idea is
that I will commit suicide sometime around my 22nd birthday..."
The note explained:
"I was bored in school, bored traveling around the country, bored getting
raided by the FBI, bored in prison, bored writing books, bored being bored. I
will probably be bored dead, but this is my risk to take."
But then the note said:
"Since writing the above, my plans have changed slightly.... But the point is,
that I am going to take the money I have left in the bank (my liquid assets)
and make a final attempt at making life worthy. It will be a short attempt,
and I do suspect that if it works out that none of my current friends will
know me then. If it doesn't work out, the news of my death will probably get
around. (I won't try to hide it.)"
Landreth's birthday is December 26 and his best friend is not counting on
seeing him again.
"We used to joke about what you could learn about life, especially since if
you don't believe in a God, then there's not much point to life," said Tom
Anderson, 16, a senior at San Pasqual High School in Escondido, about 30 miles
north of San Diego. Anderson also has been convicted of computer hacking and
placed on probation.
Anderson was the last person to see Landreth. It was around September 25 --
he does not remember exactly. Landreth had spent a week living in Anderson's
home so the two could share Landreth's computer. Anderson's IBM-PC had been
confiscated by authorities, and he wanted to complete his own book.
Anderson said he and Landreth were also working on a proposal for a movie
about their exploits.
"He started to write the proposal for it on the computer, and I went to take a
shower," Anderson said. "When I came out, he was gone. The proposal was in
mid-sentence. And I haven't seen him since."
Apparently Landreth took only his house key, a passport, and the clothes on
his back.
Anderson said he initially was not concerned about Landreth's absence. After
all this was the same Landreth who, during the summer, took off for Mexico
without telling anyone -- including friends he had seen just the night before
-- of his departure.
But concern grew by October 1, when Landreth failed to keep a speaking
engagement with a group of auditors in Ohio, for which he would have received
$1,000 plus expenses. Landreth may have kept a messy room and poor financial
records, but he was reliable enough to keep a speaking engagement, said his
friends and literary agent, Bill Gladstone, noting that Landreth's second
manuscript was due in August and had not yet been delivered.
But, the manuscript never came and Landreth has not reappeared.
Steve Burnap, another close friend, said that during the summer Landreth had
grown lackadaisical toward life. "He just didn't seem to care much about
anything anymore."
Typed for PWN by Druidic Death
From The Dallas Times Herald
______________________________________________________________________________
Beware The Hacker Tracker December, 1986
-------------------------
By Lamont Wood of Texas Computer Market Magazines
If you want to live like a spy in your own country, you don't have to join the
CIA or the M15 or the KGB. You can track hackers, like John Maxfield of
Detroit.
Maxfield is a computer security consultant running a business called
BoardScan, which tracks hackers for business clients. He gets occasional
death threats and taunting calls from his prey, among whom he is known as the
"hacker tracker," and answers the phone warily.
And although he has received no personal harassment, William Tener, head of
data security for the information services division of TRW, Inc., has found it
necessary to call in experts in artificial intelligence from the aerospace
industry in an effort to protect his company's computer files. TRW is a juicy
target for hackers because the firm stores personal credit information on
about 130 million Americans and 11 million businesses -- data many people
would love to get hold of.
Maxfield estimates that the hacker problem has increased by a factor of 10 in
the last four years, and now seems to be doubling every year. "Nearly every
system can be penetrated by a 14-year old with $200 worth of equipment," he
complains. "I have found kids as young as nine years old involved in hacking.
If such young children can do it, think of what an adult can do."
Tener estimates that there are as many as 5,000 private computer bulletin
boards in the country, and that as many as 2,000 are hacker boards. The rest
are as for uses as varied as club news, customer relations, or just as a hobby.
Of the 2,000 about two dozen are used by "elite" hackers, and some have
security features as good as anything used by the pentagon, says Maxfield.
The number of hackers themselves defies estimation, if only because the users
of the boards overlap. They also pass along information from board to board.
Maxfield says he has seen access codes posted on an east coast bulletin board
that appeared on a west coast board less than an hour later, having passed
through about ten boards in the meantime. And within hours of the posting of
a new number anywhere, hundreds of hackers will try it.
"Nowadays, every twerp with a Commodore 64 and a modem can do it, all for the
ego trip of being the nexus for forbidden knowledge," sighs a man in New York
City, known either as "Richard Cheshire" or "Chesire Catalyst" -- neither is
his real name. Cheshire was one of the earliest computer hackers, from the
days when the Telex network was the main target, and was the editor of TAP, a
newsletter for hackers and phone "phreaks". Oddly enough, TAP itself was an
early victim of the hacker upsurge. "The hacker kids had their bulletin
boards and didn't need TAP -- we were technologically obsolete," he recalls.
So who are these hackers and what are they doing? Tener says most of the ones
he has encountered have been 14 to 18 year old boys, with good computer
systems, often bright, middle class, and good students. They often have a
reputation for being loners, if only because they spend hours by themselves at
a terminal, but he's found out-going hacker athletes.
But Maxfield is disturbed by the sight of more adults and criminals getting
involved. Most of what the hackers do involves "theft of services" -- free
access to Compuserve, The Source, or other on-line services or corporate
systems. But, increasingly, the hackers are getting more and more into credit
card fraud.
Maxfield and Cheshire describe the same process -- the hackers go through
trash bins outside businesses whose computer they want to break into looking
for manuals or anything that might have access codes on it. They may find it,
but they also often find carbon copies of credit card sales slips, from which
they can read credit card numbers. They use these numbers to order
merchandise -- usually computer hardware -- over the phone and have it
delivered to an empty house in their neighborhood, or to a house where nobody
is home during the day. Then all they have to do is be there when the delivery
truck arrives.
"We've only been seeing this in the last year," Maxfield complains. "But now
we find adults running gangs of kids who steal card numbers for them. The
adults resell the merchandise and give the kids a percentage of the money."
It's best to steal the card number of someone rich and famous, but since
that's usually not possible it's a good idea to be able to check the victim's
credit, because the merchant will check before approving a large credit card
sale. And that's what makes TRW such a big target -- TRW has the credit
files. And the files often contain the number of any other credit cards the
victim owns, Maxfield notes.
The parents of the hackers, meanwhile, usually have no idea what their boy is
up to -- he's in his room playing, so what could be wrong? Tener recalls a
case where the parents complained to the boy about the high phone bill one
month. And the next month the bill was back to normal. And so the parents
were happy. But the boy had been billing the calls to a stolen telephone
company credit card.
"When it happens the boy is caught and taken to jail, you usually see that the
parents are disgruntled at the authorities -- they still think that Johnny was
just playing in his bedroom. Until, of course, they see the cost of Johnny's
play time, which can run $50,000 to $100,000. But outside the cost, I have
never yet seen a parent who was really concerned that somebody's privacy has
been invaded -- they just think Johnny's really smart," Tener says.
TRW will usually move against hackers when they see a TRW file or access
information on a bulletin board. Tener says they usually demand payment for
their investigation costs, which average about $15,000.
Tales of the damage hackers have caused often get exaggerated. Tener tells of
highly publicized cases of hackers who, when caught, bragged about breaking
into TRW, when no break-ins had occurred. But Maxfield tells of two 14-year
old hackers who were both breaking into and using the same corporate system.
They had an argument and set out to erase each other's files, and in the
process erased other files that cost about a million dollars to replace.
Being juveniles, they got off free.
After being caught, Tener says most hackers find some other hobby. Some,
after turning 18, are hired by the firms they previously raided. Tener says
it rare to see repeat offenders, but Maxfield tells of one 14-year-old repeat
offender who was first caught at age 13.
Maxfield and Tener both make efforts to follow the bulletin boards, and
Maxfield even has a network of double agents and spies within the hacker
community. Tener uses artificial intelligence software to examine the day's
traffic to look for suspicious patterns. TRW gets about 40,000 inquiries an
hour and has about 25,000 subscribers. But that does not address the
underlying problem.
"The real problem is that these systems are not well protected, and some can't
be protected at all," Maxfield says.
Cheshire agrees. "A lot of companies have no idea what these kids can do to
them," he says. "If they would make access even a little difficult the kids
will go on to some other system." As for what else can be done, he notes that
at MIT the first thing computer students are taught is how to crash the
system. Consequently, nobody bothers to do it.
But the thing that annoys old-timer Cheshire (and Maxfield as well) is that
the whole hacker-intruder-vandal-thief phenomenon goes against the ideology of
the original hackers, who wanted to explore systems, not vandalize them.
Cheshire defines the original "hacker ethic" as the belief that information is
a value-free resource that should be shared. In practice, it means users
should add items to files, not destroy them, or add features to programs,
rather than pirate them.
"These kids want to make a name for themselves, and they think that they need
to do something dirty to do that. But they do it just as well by doing
something clever, such as leaving a software bug report on a system," he
notes.
Meanwhile, Maxfield says we are probably stuck with the problem at least until
the phone systems converts to digital technology, which should strip hackers
of anonymity by making their calls easy to trace.
Until someone figures out how to hack digital phone networks, of course. -TCM
Typed for PWN by Druidic Death
______________________________________________________________________________